From 49241b071dcb76cd14ff4ebe1d1002472956210d Mon Sep 17 00:00:00 2001
From: Kevin Zheng
Date: Tue, 16 Feb 2021 23:32:20 -0800
Subject: [PATCH] security/sshguard: Disable blacklisting by default

The sshguard_blacklist rcvar always overrides the setting in sshguard.conf. Since the rc.d script sets sshguard_blacklist, the blacklist option in sshguard.conf is never used. This patch removes the default rcvar setting, which matches the upstream behavior of disabling blacklisting unless explicitly enabled.
---
 UPDATING | 8 ++++++++
 security/sshguard/files/sshguard.in | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/UPDATING b/UPDATING
index c933014e3939..25b113e5dae2 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,14 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades.
+20210922:
+ AFFECTS: security/sshguard
+ AUTHOR: kevinz5000@gmail.com
+
+ Blacklisting is now disabled by default to avoid overriding the setting in
+ sshguard.conf. To enable blacklisting, uncomment the BLACKLIST_FILE line in
+ sshguard.conf.
+
 20210912:
 AFFECTS: x11-wm/cage, x11-wm/hikari, x11-wm/labwc, x11-wm/sway, x11-wm/wayfire
 AUTHOR: jbeich@FreeBSD.org
diff --git a/security/sshguard/files/sshguard.in b/security/sshguard/files/sshguard.in
index d3e88a6ff196..fd59b3297e2f 100644
--- a/security/sshguard/files/sshguard.in
+++ b/security/sshguard/files/sshguard.in
@@ -60,7 +60,7 @@ name=sshguard rcvar=sshguard_enable
-set_rcvar sshguard_blacklist "120:/var/db/sshguard/blacklist.db" "Blacklisting threshold and path to blacklist file (colon-separated)"
+set_rcvar sshguard_blacklist "" "Blacklisting threshold and path to blacklist file (colon-separated)"
 set_rcvar sshguard_danger_thresh "" "Attack threshold"
 set_rcvar sshguard_pidfile "/var/run/sshguard.pid" "Path to PID file"
 set_rcvar sshguard_release_interval "" "Time before releasing first-time attackers (s)"
-- 
2.32.0
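Review bot: The help text on the new `set_rcvar sshguard_blacklist ""` line in security/sshguard/files/sshguard.in still describes only the value format and does not say that an empty value now leaves blacklisting to sshguard.conf; I would change it to `set_rcvar sshguard_blacklist "" "Blacklisting threshold and path to blacklist file (colon-separated); empty defers to sshguard.conf"`. The code that turns this variable into a command-line option lies outside the hunk, so it should be confirmed that an empty value omits the option entirely rather than passing an empty argument. On hosts that relied on the old default, persistent blocking of repeat offenders stops after the upgrade until BLACKLIST_FILE is uncommented, and addresses already recorded in /var/db/sshguard/blacklist.db are presumably no longer loaded, which is worth verifying when upgrading.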